Google recently launched a surveillance company based in Barcelona with the name Variston IT accused of exploiting zero-day vulnerabilities in Google Chrome, Mozilla Firefox, and Microsoft Windows operating systems. Some of these major security vulnerabilities were discovered four years ago.
In this regard, the researchers of the Google TAG analytical group have acknowledged that the software framework of the Spanish company Heliconia can exploit zero-day vulnerabilities in popular browsers as well as Microsoft Defender, and this software platform has all the necessary tools to implement and execute malicious commands and codes in the system. It also provides sacrifice.
In this regard, the Variston IT website claims that the company provides customized information security solutions to its customers, however these vulnerabilities were patched by Google, Microsoft and Mozilla in 2021 and early 2022, but the company seems It is exploiting these security problems and offers its customers solutions to install malware on the target systems.
The abuse of the software platform of the Spanish company from the vulnerabilities of Google Chrome
Google Chrome and browsers supporting the Chromium project identify Internet threats and isolate them in the sandbox to prevent their spread. Soft, another part of the Spanish company’s software core, uses a web-based framework designed to create a fake PDF document, and exploits the CVE-2021-42298 security issue that allows remote malicious code execution on Windows. And it affects the performance of Windows Defender.
This vulnerability was also fixed by Microsoft last November. The third software framework is Files and includes methods to exploit Firefox on Linux and Windows operating systems using the CVE-2022-26485 vulnerability.
The security bug was first reported in 2022 but is said to have been exploited by hackers since 2019. Google’s TAG security team stated that it became aware of the activities of the Heliconia software framework after receiving a report from an anonymous person. This part of Google also pointed out that currently there is no evidence that this software platform will not be stopped or further developed, and the provision of such software platforms will ultimately endanger the security of users.
- Testimony of the senior researcher of Google and Citizen Lab in Congress regarding spyware
- Google’s warning about Rubica’s spying and the company’s statement in this regard
- Closer Than a Jugular Vein – FBI Spyware to Monitor Citizens
- The former NSA employee was accused of spying and selling classified US documents